The Find: We detected a connection with a poor IP address reputation due to suspicious threat activity. The EventTracker SOC analyst used the advanced logic in EventTracker SIEM, and quickly discovered that Emotet malware was active in the customer’s environment.

The Fix: The EventTracker SOC promptly alerted the MSP to the compromise. All identified malicious hashes and IP addresses were immediately moved to an unsafe list for process termination on the infected system.

As a part of the EventTracker threat intelligence distribution process, all indicators of compromise (IoC) and hashes were shared among the same business tenant to identify and thwart any present and future threats across all the MSP’s numerous clients.

The identified systems were taken off the network. Once the threats were mitigated, the systems were cleared and reconnected to the hotel chain’s network.

The Lesson: User education about phishing and spear phishing campaigns is important. It is critical to deploy a managed SIEM solution with integrated endpoint threat detection and response capability to rapidly eliminate cybersecurity threats.
